The advent of virtualization technologies for commodity hardware has provided benefits with respect to managing large-scale computing resources for many clients with diverse needs, allowing various computing resources to be efficiently shared by multiple clients. For example, virtualization technologies may allow a single physical computing machine to be shared among multiple users by providing each user with one or more virtual machines hosted by the single physical computing machine, with each such virtual machine being a software simulation acting as a distinct logical computing system that provides users with the illusion that they are the sole operators and administrators of a given hardware computing resource. Furthermore, some virtualization technologies are capable of providing virtual resources that span two or more physical resources, such as a single virtual machine with multiple virtual processors that spans multiple distinct physical computing systems. With virtualization, the single physical computing device can create, maintain or delete virtual machines in a dynamic manner. In turn, users can request computer resources from a service provider and be provided with varying numbers of virtual machine resources on an “as needed” basis or at least on an “as requested” basis.
In virtualized computing environments and in local computing systems, system resources, including physical memory pages, are sometimes shared between processes or applications executing in the system. For example, in a local system, malicious applications that attempt to spy on other executing processes or applications might share physical memory pages with those other processes or applications by means of a shared library. In a virtualized environment, malicious applications might share physical memory pages with a targeted process or application by means of Kernel SamePage Merging (KSM), in which identical memory pages are shared between different processes or applications (and, in some cases, users).
By measuring the timing of accesses to main memory on shared pages, a malicious application can be used to detect whether a target memory area resides in a cache. This cache residency can be correlated with recent usage of data in the memory area in the system by one of the processes or applications that shares access to the target memory area. An attacking program can continuously flush relevant memory areas from the caches in the system and observe the timing of accesses to those memory areas, thereby monitoring the behavior of a target program. Such attacks are sometimes referred to as timing side-channel attacks.
While embodiments are described herein by way of example for several embodiments and illustrative drawings, those skilled in the art will recognize that the embodiments are not limited to the embodiments or drawings described. It should be understood, that the drawings and detailed description thereto are not intended to limit embodiments to the particular form disclosed, but on the contrary, the intention is to cover all modifications, equivalents and alternatives falling within the spirit and scope as defined by the appended claims. The headings used herein are for organizational purposes only and are not meant to be used to limit the scope of the description or the claims. As used throughout this application, the word “may” is used in a permissive sense (i.e., meaning having the potential to), rather than the mandatory sense (i.e., meaning must). Similarly, the words “include,” “including,” and “includes” mean including, but not limited to.